On the second day of the Pwn2Own contest held at the CanSecWest conference, iPhone and BlackBerry devices were successfully exploited, while the scheduled Android and Windows Phone 7 attacks didn’t take place because the contestants didn’t show up.
The iPhone was breached by Dion Blazakis from Independent Security Evaluators and Charlie Miller, a researcher renowned for hacking Apple products – especially at Pwn2Own. According to ZDNet, they managed to compromise an iPhone 4 running iOS 4.2.1 via an exploit served on a specially crafted webpage.
A flaw in the MobileSafari browser allowed them to compromise the OS by bypassing Data Execution Prevention (DEP) and to hijack the phone’s address book. The prize for their success was $15,000 in cash and the hacked iPhone 4.
Miller himself admits that the exploit wouldn’t work on the latest iOS 4.3 update, since Apple has added ASLR (address space layout randomization) to it.
The hacking of the BlackBerry Torch 9800 running BlackBerry 6 OS was executed by Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann. As a side note, Iozzo and Weinmann hacked the iPhone in last year’s edition of the contest.
Taking advantage of various vulnerabilities in WebKit, an open-source browser recently added to BlackBerry, they chained together a series of bugs to steal the device’s contact list and image database and to write a file to the device.
For their efforts, they received a $15,000 cash prize and the hacked device.
The attack is rather impressive considering that BlackBerry is a rather unknown system. “We know there’s a browser and a Java virtual machine. We had to assume that once we take over the browser, we can get further into the system,” Iozzo said to ZDNet.
Adrian Stone, the director of RIM’s security response team, was also present during the attack and said that the team will try out the exploit on the latest version of the firmware to see if it will work – and if it does, immediately start working on a patch. He also added that RIM is planning to add ASLR and DEP to future versions, which should make future attacks much harder.
The researchers who were scheduled to attack Android and Windows Phone 7 didn’t show up. The researcher who intended to test Firefox withdrew from the competition because his exploit was unstable.